Cross-Site Scripting Vulnerability in D-Link Routers
CVE-2004-0615

Currently unrated

Key Information:

Vendor

D-link
Status
Di-704p
Di-614\+
Di-624
Vendor
CVE Published:
6 December 2004

What is CVE-2004-0615?

The D-Link DI-614+ and DI-704 SOHO routers, running specific firmware versions, are susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw enables remote attackers to inject arbitrary scripts or HTML code via the DHCP HOSTNAME option in a DHCP request. Successful exploitation could lead to unauthorized access to sensitive user information or unauthorized actions on behalf of users interacting with the router's web interface.

References

http://www.securityfocus.com/bid/10587
vdb-entryx_refsource_BID
http://secunia.com/advisories/11919
third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/7211
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2004-0615 : Cross-Site Scripting Vulnerability in D-Link Routers